{"id":19564301,"url":"https://github.com/quillhash/solidity-attack-vectors","last_synced_at":"2025-04-05T08:08:11.522Z","repository":{"id":64932327,"uuid":"540048844","full_name":"Quillhash/Solidity-Attack-Vectors","owner":"Quillhash","description":"This Repository contains list of Common Solidity SmartContract Attack Vectors. If you find any attack vectors missing, you can create a pull request and be a contributor of the project.","archived":false,"fork":false,"pushed_at":"2024-01-28T15:39:04.000Z","size":3673,"stargazers_count":435,"open_issues_count":1,"forks_count":66,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-29T07:08:36.102Z","etag":null,"topics":["blockchain","ethereum","security","solidity"],"latest_commit_sha":null,"homepage":"https://www.quillaudits.com/smart-contract-audit","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Quillhash.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2022-09-22T15:30:56.000Z","updated_at":"2025-03-25T05:53:09.000Z","dependencies_parsed_at":"2024-01-28T16:44:00.448Z","dependency_job_id":null,"html_url":"https://github.com/Quillhash/Solidity-Attack-Vectors","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSolidity-Attack-Vectors","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSolidity-Attack-Vectors/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillh
ash%2FSolidity-Attack-Vectors/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Quillhash%2FSolidity-Attack-Vectors/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Quillhash","download_url":"https://codeload.github.com/Quillhash/Solidity-Attack-Vectors/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247305935,"owners_count":20917208,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["blockchain","ethereum","security","solidity"],"created_at":"2024-11-11T05:21:20.286Z","updated_at":"2025-04-05T08:08:11.496Z","avatar_url":"https://github.com/Quillhash.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Solidity Smart Contract Attack Vectors:\n\nThis repository contains a list of Solidity attack vectors. It includes most Solidity vulnerabilities, collected from various sources such as the SWC Registry, DeFi Threat, DASP Top-10 and content from across the Internet. Click any attack vector to find details about it. This repository will be actively maintained and updated by QuillAudits.\n\n#### If you find an attack vector missing, you can create a pull request and become a contributor to the project.\n\n![](/mindmaps/Solidity_Vectors_QuillAudits.png)\n\n\n\n---\nSerial No. 
| Attack Vectors\n--- | ---\n**1** | [Access Control Checks on Critical Function](data/1.md)\n**2** | [Account Existence Check for low level calls](data/2.md)\n**3** | [Arithmetic Over/Under Flows](data/3.md)\n**4** | [Assert Violation](data/4.md)\n**5** | [Authorization through tx.origin](data/5.md)\n**6** | [Bad Source of Randomness](data/6.md)\n**7** | [Block Timestamp manipulation](data/7.md)\n**8** | [Bypass Contract Size Check](data/8.md)\n**9** | [Code With No Effects](data/9.md)\n**10** | [Delegatecall](data/10.md)\n**11** | [Delegatecall to Untrusted Callee](data/11.md)\n**12** | [DoS with (Unexpected) revert](data/12.md)\n**13** | [DoS with Block Gas Limit](data/13.md)\n**14** | [Logical Issues](data/14.md)\n**15** | [Entropy Illusion](data/15.md)\n**16** | [Function Selector Abuse](data/16.md)\n**17** | [Floating Point and Numerical Precision](data/17.md)\n**18** | [Floating Pragma](data/18.md)\n**19** | [Forcibly Sending Ether to a Contract](data/19.md)\n**20** | [Function Default Visibility](data/20.md)\n**21** | [Hash Collisions With Multiple Variable Length Arguments](data/21.md)\n**22** | [Improper Array Deletion](data/22.md)\n**23** | [Incorrect interface](data/23.md)\n**24** | [Insufficient gas griefing](data/24.md)\n**25** | [Unsafe Ownership Transfer](data/25.md)\n**26** | [Loop through long arrays](data/26.md)\n**27** | [Message call with hardcoded gas amount](data/27.md)\n**28** | [Outdated Compiler Version](data/28.md)\n**29** | [Precision Loss in Calculations](data/29.md)\n**30** | [Price Manipulation](data/30.md)\n**31** | [Hiding Malicious Code with External Contract](data/31.md)\n**32** | [Public burn() function](data/32.md)\n**33** | [Race Conditions / Front Running](data/33.md)\n**34** | [Re-entrancy](data/34.md)\n**35** | [Requirement Violation](data/35.md)\n**36** | [Right-To-Left-Override control character (U+202E)](data/36.md)\n**37** | [Shadowing State Variables](data/37.md)\n**38** | [Short Address/Parameter 
Attack](data/38.md)\n**39** | [Signature Malleability](data/39.md)\n**40** | [Signature Replay Attacks](data/40.md)\n**41** | [State Variable Default Visibility](data/41.md)\n**42** | [Transaction Order Dependence](data/42.md)\n**43** | [Typographical Error](data/43.md)\n**44** | [Unchecked Call Return Value](data/44.md)\n**45** | [Unencrypted Private Data On-Chain](data/45.md)\n**46** | [Unexpected Ether balance](data/46.md)\n**47** | [Uninitialized Storage Pointer](data/47.md)\n**48** | [Unprotected Ether Withdrawal](data/48.md)\n**49** | [Unprotected SELFDESTRUCT Instruction](data/49.md)\n**50** | [Unprotected Upgrades](data/50.md)\n**51** | [Unused Variable](data/51.md)\n**52** | [Use of Deprecated Solidity Functions](data/52.md)\n**53** | [Write to Arbitrary Storage Location](data/53.md)\n**54** | [Wrong inheritance](data/54.md)\n------\n## References:\n\n[SWC Registry](https://swcregistry.io/)\n\n[DeFi-Threat](https://github.com/manifoldfinance/defi-threat)\n\n[Runtimeverification - List-of-Security-Vulnerabilities](https://github.com/runtimeverification/verified-smart-contracts/wiki/List-of-Security-Vulnerabilities)\n\n[DASP-Top 10](https://www.dasp.co/)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fsolidity-attack-vectors","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fquillhash%2Fsolidity-attack-vectors","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fquillhash%2Fsolidity-attack-vectors/lists"}